Security is one of those evergreen topics that is always relevant -- and never more so than today. The move to the New IP is going to need a fundamental shift in the way the networking industry approaches security, especially when it comes to the pervasiveness of security-focused conversation and activity.
That's become more apparent to me in the last four months, in particular, when notable security experts have chosen to talk not just about beefing up security or being more aware, but about making basic changes in how we think about securing networks and data. To whit:
AT&T Inc. (NYSE: T)'s Chief Security Officer Ed Amoroso, speaking at Light Reading's Mobile Network Security Strategies Conference in December, explained his company's shift away from securing the perimeter of its networks to creating a virtual layer of security "shrink-wrap" around network assets, applications and data stores. That is a more realistic approach, he noted, because assets are much more distributed in today's networks and creating a perimeter that is 100% secure is highly unlikely. (See AT&T Adds Virtual Layer of Security.)
Heavy Reading 's Chief Analyst Patrick Donegan, speaking at Light Reading's 2020 Vision Summit in Iceland in December, noted that 70% of the service providers polled by Heavy Reading listed security as a top priority. And yet the conference at which Amoroso chaired and spoke, attracted a smaller crowd than most Light Reading events on other topics. The problem, Donegan posited, is that while everyone is concerned about security, it's often viewed as the job of a small group of specialists. Instead, security should be the concern of everyone involved in network planning as well as service creation and deployment. (See Security Suffers From 'Not My Job' Mentality .)
Just last week, Scott Borg, chief economist of the U.S. Cyber Consequences Unit, spoke at Light Reading's New IP event in San Jose about how security deployed in layers to protect devices doesn't actually secure what companies value most. He said there is a fundamental disconnect between the way service providers create value and the way their security is set up. (See Cyber Security: We're Doing It Wrong.)
The over-arching message here is that in the New IP, security is part of everyone's job, needs to be built into the network and into services from the outset, and can't be designed in the same old way it has been in the past. That may seem like a simplistic message but it is one that is critical to the underlying value of the New IP.
The cloud-based services, built on virtualized infrastructure, that will be the dominant part of the enterprise service mix going forward, have to be secured in new ways and against new threats. That means a dynamic approach to security that takes for granted an ever-shifting threat landscape and is designed to try to anticipate and not just react to what the bad guys are doing.
For that to happen, the ideas shared above must become part of the general thinking about security in the New IP.